CIPA Compliance

As a condition of receiving E-rate funding, CIPA (children’s internet protection act) requires schools and libraries make a best effort to ensure that minors are protected when online, while also doing as much as possible to ensure as little intervention as possible on adult users.

There are three basic requirements that must be met in order to meet CIPA requirements, and secure E-rate funding.

Internet Safety Policy

Technology Protection Measure

Public Notice and Hearing

Internet Safety Policy

According to guidance provided at the USAC website, the internet safety policy must address the following issues:

Access by minors to inappropriate matter on the Internet and World Wide Web

The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications

Unauthorized access including “hacking” and other unlawful activities by minors online

Measures designed to restrict minors’ access to materials harmful to minors

Fundamentally, this means that a school or library must have a technological protection measure, which can monitor user activity and regulate access to content, primarily visual depictions, which are considered “obscene, child pornography, or harmful to minors.” Internet Safety Policies have expanded to address educating appropriate online behavior including interaction, cyber-bulling awareness, and response.

Technology Protection Measure

Required on computers with internet access, the Technology Protection Measure must not only provide protection to minors against materials deemed “harmful to minors” but also provide a way for authorized personnel to disable those protection when in use for bona fide research.

“Harmful to minors” actually has a very specific definition in this context. It includes, “any picture, image, graphic image file, or other visual depiction that – (i) taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion; (ii) depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and (iii) taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors.”

Public Notice and Hearing or Meeting

According to USAC, “The authority with responsibility for administration of the school or library must provide reasonable public notice and hold at least one public hearing or meeting to address a proposed technology protection measure and Internet safety policy. For private schools, public notice means notice to their appropriate constituent group.”

Documentation

There are several points where documentation will be required to prove certain elements of CIPA compliance have been met, but the documentation requirements differ depending on the status of the organization in question. For first time filers, there are is a detailed list of critera to be met, but for those schools and libraries who have already been a part of the program, a smaller list of documentation is required in the event of an audit. Those documentation requirements can be found in detail on the USAC website.

Smoothwall Can Help

Smoothwall can help schools meet their CIPA requirements in the following ways:

Transparent proxy filtering ensures that all devices are filtered all the time, but that the filtering permission can be elevated to disable the permissions, in the case of bona fide research.

Our content-aware engine does a deep scan of the content on a page, so content which is “harmful to minors” can be identified and blocked.

Drill-down reporting ensures that individual breeches of policy can be identified, and records can be kept for up to a year, in case of an audit.